Guard against Zombie Poodle

Zombie POODLE and GOLDENDOODLE are similar to ROBOT, DROWN and many other vulnerabilities affecting HTTPS, these issues stem from continued use of cryptographic modes which should have been long ago deprecated and yet are inexplicably still supported in TLSv1.2. In this case, the troublesome feature is that TLSv1.2 supports CBC mode ciphersuites.

Impact:

The attack requires a man-in-the-middle (MITM) position to employ the attack. It takes valid records and alters either MAC or Padding or cause TLS errors. If the TLS server responds differently to each of these errors then it can leak information about the plain text message.

Mitigation (On Host Device):

Disable all support for CBC cipher suites on the web server, such as Apache.

Mitigation (On Network):

Update to the latest version of IDP signature and then enable the IDP function to protect your host.